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ABSTRACT: 

PROBLEM TO BE SOLVED: To make communication between a financial server and a 
user who is related to a web browser safe by including some security functions 
in the web browser and the web server. 

SOLUTION: A financial server 102 includes an audit trail 122 which traces 
each transaction. An HTML form 124 performs transmission to a web browser 216 
in a cipher format or without performing special formatrjngs. The browser 216 
returns a message 143, including form data to the server 102 in an enciphered 
format, in a format which includes the digital signature of a user and a time 
stamp and in a format which includes the digital signature of the user and a 
time stamp and is enciphered or without performing special formattings. The 
browser 216 is provided with an encipher procedure 220, a time stamp procedure 
228, a digital signature procedure 230, and a random key generating procedure 
232. 
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JEAT**. flBimtt, *>6B3lrtfc2oJ:9#< 

io ma-fa . 

[0020] 05fttf6«. >>i^7')W7*- 
1 4 3 Jt-^ 10 2 A^-t^ACfiEffl S tlhM 0 ^ 
-/•fe-yV^T^hJr^LTV^I.. KO^ v-b-v'14 
3<i. «mn»7 (ID) 7-{-;WF257. 75/7 
iH«2 58. fttf*-*7-f-A'H2 6 0t'*tKv 
H2 5 2t:isArC\^h. ~7y7-? 

^<fc$n^7*-v»/ h^*L. "S" l^t-Af- 
* 2 5 6 tfx 4 if9AXM&&9 4&A9 >7&&AX 

jFt -f s J9A&&&Xf9 A J**9 VTttsA,X\*h - 1 
^*L. -eLT "N" \mW£V 4V7X\t 
*V»£i:**LTV»6. ^— S7-f-^K2 6 0«. H 
V 5 y ^A-t ydf Sr 

[O0 2 1]I0^7*-yl4 3<Dl2«U3-H 
»L 5 y/ A-b y >- 3 ydf- 2 5 4 x-bh Z t iPCZ 
h. dO^—2 5 4«. y nr-Af-9 2 5 6im^it 
ZtlX^tM&-fm$tZti&. T-9bW5ft.ZiXfii7 
30 =r-v-/hT*<e^l$<x&^tli. •b-yv 3 ydf- 
{i7*-A7r-fyPrtC#*^v\ I0^7t-y'l 

4 3<0m3«0^^»i. 7*- Ar-^2 5 6$-^tf. 7 
*-Af-^2 5 6tt, W-U3-H2 52077 
/7 ^ -/l' Y 2 5 8 t^L^: J: o C7 -y b Ztl 
h. ±aLtid*7r^^7*-V yhft 

h. 

[0022] HTMLSSI 

*5KBJ±, HTML FORM^^^*t3S?rffiffl-r 
40 fi<3gOlO<0-fe»/ Mi. fg»HTML7*- 
A2 64Srj8S-f&£i:t»tS. Cl^)7*-A« s V 

W|g2<0-b-yHi. i*g$fl£HTML7*-AfttfH 
H7tt» JL— r®^7*-^A2 6 8fcW^SHT 

ml FORM^^tf^eai^-r. mu&m$74- 

JUY (Witt, request = "register" ) TfcO. .1*1 
50 f l^v'^^ j tf>ft{J*<97 *-A*«. SS7 t-At* 



13 

7 4— IVY (t^X-lf. key = "server's public key") 

zti&) 7*- AtttiTVhJ-' \w m*>. ->x 

H$'tlSrrS^«>lC:ffifflSit&. HTML FO 

>yr-j 7 4-lVV£l5ttZttf?£&. V 

•y h- 7 -r FI±M "9 ^ >y -fc-y057 *- V y r- 

U ^7 7 h 7 ■( S y/<o, BP 

Vii 5 V77 *-A*WftSivC USC: i: 

y 4—&T-?tf\mitztitz7t~-? ••/ hxmztiz 

-ftfjL— fcof -f i^i^fc&t^M AX^xrfcS- 
[0023] set. v-^com^fc*-zmmif7v 
Y7*--?»/h7 4-frvtmz&m-&fi:it>iz. 

A— fK&M$tl&miC0HTUlL.7*- 
Ztlii'7±7'7'7Wtz£~>TU¥fZtl&. Zil 

■&m.*mcth. &m--><frt>m-zHTML7* 

-All. FORM?^rtojJ*LJtfrLv^-f-;PH«0 

Htt. M?&l>grU>7 4-^K£kS*AftT£v>H 
TMLfOA'-va >£M&t&Zti>X'£Z>. 
[00 24] jzftWZHTML FORM^fltDfrL 

m-t&zttfvzh. set:. *^HBii^sHTML 

^Sr&fflLT. £fc«$iU^HTML*:^>&Jfl£jI 

<r)7-*T?+*. *%8Hz£^xmf2ti&!m. r 
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[002 5] tMMI^S^HM 
@9«. MBD^IBUIvXtAI OO&lX^^cO^ffi 

vh3ytfjL-?i0 6traS^-SJ— if<± x i*f<7)Bg 
1 SSr^^^xT-T-^^lf 2 1 6£^B 
Uf772 26) . $r£L<J;L 7-74**- h/ 
£m*-tt2 1 8£ffc£U jl— 
10 LT 7 *- AtCr 4 i?9 ASM > U V—XtMi 

m-t:&miX3-—f<7>T4 iSfivrnzzmmth. 

-x-if Mt^-^ 1 0 2 O^th 13 4 £«L£1- 
£. ico^fH 3 4tt, J&«>tJ--if*^:lll^-v<l 0 

TML7*-A264S:aLTIIA$tl.& (Xf?72 
74) . JL-1fg»HTML7*-A264tt. HRW 
&T-:J\ &tf£ilT-:J\ Kjl— fco&PJ*- 1 
4 0 * jl— £ ttit". -B.J-— «f l 
0 2fctf>£fH 3 4 S:lt4i-S fc . (fJiS-f O^r^i 

20 t:^tH34t:o^3r>'*t«T^-lrX^-|,^t*J-C^ 
h (Xx»/T27 6) . #D^yHr-y^ 3 y+fc. 
— f&tf&SW-'N' 1 0 2 11. H TMLJR31 7*-Al 
2 4RX/7 *-J*t-9 1 4 3 ZimfhZtWX'Z & 
(XT-yT278) . 7*-A<07*- V y ht±. 
<7®tt£SLT^<trS. ^F<0^fcUi. -9--VN-1 0 
2 liB^ft;? 7*— J* ^^.-^BMt h-Lh KX- 
%h. m<T>m^Ut. -t-^i 0 2fi. »>x 
2 1 6j&qg$W)7 y HT-X •y-fe-^'&M'r.k 0 (C 
S i i: & . ^tfD-b -y v a y#S£7-r & i: 

30 J— ifdjgaj-r* Uf77280) . if« 

Mir-^ 102 tsgo-b -/ ^ g y zmmzit& z t 

[ 0 0 2 6 1 txT-T-yWUmfc^m 
ite-f. ^BtBt^l^xAi 0 0*«S^rr&rofc:. x-if 
i^7^ryhnyta-? 1 o 6^01^5^ 

a5fcLT. *flWb#«2 2 6#||fi : $^ 10ifc{±-e 
njJLh«Bg^-fl:^-2 1 8#£j£3;h.S. ffiU<i±. 

hi orx/1 izmfrh. wm^m 

2 2 6tt7*7>>-!f ^xy^A^-^'2 34 Sr^TS 
Uf7r300) . ^k^)i2 2 6li7-7'71f21 
6tM-T6>''«X7-H2 3 2*JL— tftffiL. 
«!aE-r& (XT-/T30 2) . «!aEt^-tSi:JL— f 
ffXTv 2 1 8#4j£S;h. (X 
T77304) . *7i/3>X-3-~-*r£m^Ztl.h (X 
x-y 7-306) . ^<?>ii<nZoWSzmmi>^ ^ 
50 fl:=f—2 1 Qi&jSfrhtL)t>£.®mhZ\ttfX'%h. 
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1 5 

B&^fbSffite. Schneier, Applied Cryptography. Jhon 
Wiley & Sons. 2ded.. 1996 {Cg&SiVCi} *) » #& 

1 8£B^HfcL (Xf7/3 0 

8) . zti^tt-iFFJEi,zimztifz r ) . tfzimm 
*m3?wim<?)&&iztmtz> (xf»/73 1 o ) . 

[0 0 2 7]Mi2=^2SI 

01 2A-1 2B«. MJttf-^'l 0 2#JL-lF*>£><0 10 

TV>S„ jl— Fti. ^riKlH i 13 4&tf^xv-Kl 
3 6fcJ^T:Mi1J--^10 2*cT:7-fcx$-& (Af-y 
T3 2 0 ) . M!-*f-^l 0 2\iMt 1 3 4XlX^WN' 
xy-F13 6£&aE-ri> (Xf773 2 2) . CKOSI 
IKi. £ff- 1 3 4 2ttP*.*'7- K 1 3 6 1 . i-if r~ 
^"<.-X 1 3 2rt<Or-^i: *m*-&i>ik&Zt££r> 

CDJL-WWimX'h h t mfc-ttltt (Xt»/ 7*3 24*0 
Y ) , ^Mt-A' 1 0 21*3— *f%My *- A 2 6 45: 20 

tfMra&3-£ (Xf77326), jl— tfga^H 
cOpJfflCWl/CJi. H13£#!8LT&j£t&. jl— If 
i^T-firWltf (XT-yT3 2 4C0N) . jl— 
Stt--A 1 0 2 fc cO^ff 1 3 4 £Hft-r S . MHV-rt 
lO2it?y47yhfrt>0)ffikZim?& (Xf77 
3 28) . itt^«DgMI±. ^x^-y. 7t-Af 

i^ta^s. ^uif-Aic^ii^-rryr-A' 
^itL^esicoss-^ijL Uf773 3o). -en 

fcffiKKJWS. 30 
[00 28] tLfiMloifcliWli^x^ 
-v'tm-S^c-Cfc^f. ^iW"-A'10 2«^S 

Ur y7*3 34) . »>x^->W<Ht**lfcHT 

AfcL 07Sr#B3LTmj4t^J:ot. FORM^rt 
Ofl»l&7 i-/UY£.£-?xmi2tl&. 9y4T>V 

»*L<(i-fe yv3y^-5rfflV^TW#ftTtS. 40 
*r-Kfrt>'7 ; ?4 T>h*«me>1xz>y*-M±. &£L 
<\t9yATVY<?ym*- zm^xv&fcth. Zti 
li. 9y4TlsY<M^-X^tt£tLhli<?>y*- 

&hZ\t h frt>T$> h . 
[0029]tt#fcLT. V-><frt>7y4Tyh*m 
t>ttimffi®Z%tsy*-M±. 54 

7 y v<mttirtfi&$i,tz*. f a y*-zm^xm^ 
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16. 

r>X£j&ZtltUf. *0>t>y : say*-ii.?y47yh 

£mttztix7y4Tyh'\mt>ti&. zcommv 

tt. 9y4 7yY\i.fcf%<r>7y4'<.-Y*-i:m\*Z 

^£\mm-hh^^m (DESOidS:) 
•y-fe-^i: JiHS&Wfc: ) -b v is 3 y*-BgHHb&W**l. 

[0030] w.<zmmmmx^ y-'V*. ^ 

M<7ym/y-y4<- h imfc^-zmn? hzt vx 
i>L&m*m t )*v-t- : JX'htui. zntv* 

- : J\iz$mtb^/y-vo-Y252<r>yy^y 
)VY25&ipfmZil. 7*-~?~/Y<?m?mifeiXh 

(Xy-/7332) . Bf^fl:$iTJt^.y-fe-^-(Hl^ i 
flag= "E" ) tftfi^-fcrfcL 
14 2 LT^^SilJt-fe -y 1/ 3 — 2 5 4 £ 
jg^-S (Xf773 36) . -fey^ 3 y^-«i. tf- 
'W£ffi*-*m^XJ-— f(0^^77y^-f2 1 6t 
£iXm*lr{tZtlX^&. <XV^T-b>yv3y#-2 5 4 
Srffiffl LT H»$tUt 7 it -At-* 2 5 6 J-^r-i. 

(Xf77338). mzjL-*f oy^mfy * -Af 
-* 2 5 6 £JflVvc-»f-A£DM£lEaB» 1 2 2*^3*1 
S (Xf77340) „ i^V^'C7=r-AT-*2 5 6* J 
fflCtSOS^tLS (Xf77342) . 

[0031] i-ifcor < WfrmZJlCim &x?y 

7t:istsimtZtlA:* y-b-v (BP^>. flag= 
"A" ) <D®&. Wto&£tUz*>y^3y*-2 54t: 
•r-JV)7y4 K- h 1 4 2 Srffiffl LTSSTT & 
(Xx-y 7*344) „ <i:u-e. u^fe7ya>^f-2 5 
4 £ffifflLTH»?iX^7*-Ax-* 2 5 6 ZMmt 
h (X-r yT34 6) . iJjt. J— if<7)r-f is9)l<m& 
2 1 8£> y U J--- f^^f- 1 4 

0 Zm^XWfrZ . Jt— if <0t -f v*;i^^traii- 
hflJ^xfyy-h. ^«y-fe-y'rtc7)fiir^<aSib^«i 
tiJ-ri. (Xf77348) . i-ifcOiim-14 0 
^-vn'cojl- ifr-*^-X 1 3 2t^K^th. 
^T~J^\0 2\t. ^-y-b-vtM-rS^^r-l^ 
3- Kco^ff I D 7 * K 2 5 7 Jrffiffl LT jl— f x 
1 3 2*m$tt&. K^X-J-— fO^tf. x 

4=J9)im%>. fAKxfyy-^ mfyx-hsf-tir 

fflV^TSaEiE»1 2 23&>ieir§tlS (XT"yT3 5 

o) . ijtv^^-Ar-^^ffiiacaui?^ (xf 

-/ 7*352) . CUvt\ #« , i©L(«^7'f Tyh3 5 
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[0032] jl— feor 4 : J9)Vm%,*ists4 f£f«2 2 2 itiffl LXy y?&*z y=/n y*- 25 4 

^-/-fc-^'14 3 (BD*>, flag= "S" ) li. jl— »f £4y£-f£ (XT-/7-3 68) . 7^*7^3^ 

Or-f is?)im2,#.V?4 J*X?yTTV5^tt.ZtLX^ -254J4. 7 *-Ax-?£^-ffc-f l-JttoKffiffl^ 

S^-/-fe-^'i:H-^X7 i -y7-<^FS:ffifflLT^I§ ftS Ux-y 7-370) . ^7^3^-2541^7 

flh. ^Mif-A-l 0 2«* 7*-i ; rtm-f«f't -b-y'COh yTHC^f+SfU "9--Ao^^-l 4 2£ 

: J9)Vm%x*&mL. i-if«04^^- 1 4 OSrfflWC ffl^T^fl:?^. •tfw'O&IS*- 1 4 2J4FOR 

BafTI. U-f 7 7*34 8) . fcivc. JL~Ftf>£ih M^rtO*- 7 * wPK£SL-03MS*ll> (EP*>, 

f^7A«*. ^^AA^yr. W7*-Af-^ key ="server spubul ic key") (XT77372). 

£ffll>T!SM*12 2a s H£rS;h.6 (Xf773 5 iX^TM')^ -/-fe-io^a— -?7f< >-^JS2 24 
0) . ^Vvc^-Ax-^tf^cBSSilS (Xf 10 »U7*-77 ^-^'^SS^ixS (X 

•yT3 5 2) . d<XT\ #Jfi(ifrU^7>fTyh3$ r ^7*3 74) . 

jL^-vgySr^fS. ftSQ^fr-v-y [003 5] yyy&'tvi'ay^-ii. jyfKTu 

f£3EiE»l 2 21ii--f <7>£^&tf 7 *-Ar-? Bf^«t9f^gffil7y^Ah'.y h $; x 

2 5 6^fflV^TISK?itS (Xf7T3 50) . ifcW? j£3:h.&. a^^yrA^-^yX^'x^-:?^ 

7*- Ax-?#ffiJ5KS!«!3*i.& (Xf7735 ft£^LT*>i£L;fU:5:^. ^iitcoa»<0^8«iH 

2) . .lire. *IHi5@rU^7>fryh3 5 j.^- 1 ORVl Hzm^LXm^LH Schneier Kg&Sil 

ytmsth. X\^h. V-^t. SflLfcSS.* •y-fe-$Wfii$8£ 
[ 0 0 3 3 1 -fr-z^JL— fSIHME 20 IBltU tiffit&. t> LfflStf. &Wim£*i^X9c£ 

Ml 3I±, 014 t^Ti-if S^7 * -A 2 6 4 £8! «43ft*:£H-fcll3I-r h a.—-/ fi8tfc>«k 9 ^r^coS 

m-ht&Hz. 1 6#<£*tr&X-f y ^PSrStfiLTV^if. a.— Wm^-VtfJL-f 

•r&HLXM*. >7x7*7*7'7-r2 1 6ti. jl— TSS r-^-^1 3 2tCiEJn$^S. 02^-ridfc. 

7 *-A 2 6 4 5-tOHTM LjfJMt-^ 10 2 jl— ♦FfSffil^- FfcL JL—f&V JL— tftO&Si*— £ 

ip^m-h (xf7/3 6 0). jl— ifgfi7:r- a fres^. iwt lx (max. t, l^-aox-*^ 

264fcL jl— <f#M.isbhT-?xyhV7J-fr\:t: -XI 3 2#Kfcira:£itt8Kfc^£*^6#JL-if 

(Xf773 6 2). •7x7*7*7'>if«. (^'f **<0JL— «fEHfc^TVxWf ) » K#WJL-ifffi«^ 

Tyh3ye A -^OJL— nz£-?X&tkZtifz. SIX n-Ftt. ^wjl— f cD^df-^^i; 0 izw&zti 

/itzu. ?y4Tyv^y\z*-?ft<r)mrmfrt> h. 

®m*imiz2tifz)%M7*- aStjl— FtiBBrttcJfA 30 [ 0 0 3 6 ] 2x72323: 

. ftMWCtt, .1 OfPBfcL jl— »f -QjL-if^^-yN 102 t . jl- if 

^fcttaWSAH?. &l^3ttcJL-ift:J:o-C-9-->'N- Ji^x 7*7-7 -71f 2 1 6£aLTHTMLffi3l7=i— A 

(c^i-S^l^Htliir$tifc^fh^))t«)£OMieBI Atm*)* 1 0 2 fc3ci£f-6. IT 

^IHS^OJ: o%J-~ft:m£ffi<tt&T—?Z1t -*fs>t>?v4 Ty\-"<Mt>ti&'J>*j:< b t>3rR9HT 

tf. ML£S«L HTML FORM:?:/££tJ. I?£U^ 

[0 0 34] FORM^^(0g^7>f-^K*^. HitMtiittf. FORM^HL ISaHTML;***' 

7^-- AS-jl— f§M7*-j*t LxmiLt: (HH=>. b'OX oizy*- T y (mtf. •f-n*' 

request ="register" ) >>x 7*7*5^ 2 1 6{±. JL- ^fl:$ftT^S*>S^) £J$i7t-*ftH7 ^ 

•9*<^&^Bfr^fl:^-2 18£A*l^ -fitiSrMO^ y^ #tf. t)L-9--^>^^7-frvhA v i*^fi.§HTML 
-^'rt^mjgiOfiS'cESrS (Xr-y7-3 64) . JL 40 ^S* 5 B§^ft?ilTV^tf, FORM^rt^JjiB: 

— f^^fi^-2 1 8{i. vsmtZtvfzy*- v-y h rdf-j 7 >f-;UH^^LT^-vW^§3^— 

T\ '7x7'7'5'71f<7)TKPX?SSrt'Oi^$^ffiM -riifc*^**. tt7*-A*-. JL— rffiS^- 

JL— 1 8tt. T^lf AA^-f,ri : ^^t§^t)<0'CJ>fLtf, FORM^ 
OBff^fl:^-24 o^fflv^TBt^^tt-Cv^. «o M0^< -y-b-y^iT-^-fcM-frofc:. -eft^t'co 

T. ^x7'7'7'7^4ISBai<0fia* i ^^-5r, Xoizy*--?? h^ZirifyJ TVYWr x.1? 

#<0Bf^fk^r-2 4 0iSr'fJ^-CBfrf'ftrS. ftl-vT^x 7>71ffc:fe^rS^=5:7 ^-/UKS: tttt. ^7>fr 

TfJtrf 2 1 6«r>f >*^;PS^)12 3 0£&ffl y K7)'7x7 , 7*7 , 7f'2 1 6Ji^fL^FORM^r7 

U JL-ifc7)7-7W^-h^— 2 1 82rfflV^-C7*-A ^-;l/K£^. i— tf**HTM Lti^^tt-A 

r-^tCT-f y^/W yi-s (Xr-/ 7*3 6 6 ) . & ^OSiif >y-b->*$-J^)fc:7 3 r-V-/ 
fc. *>x.Tfj*> J f 2 \(>\iyyyj*± -yy 3 y#-4 50 .kotr-r&aflfSr^li^jiffrs. 
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[0037] 01 5A-1 5B«, &Ht*-/\* 1 0 2*» 
^2 16*Sffiffl-rSXxyTSr^tTV^. HTML* 

mz&m-ht (xf-/7380) , ^^777^2 

-f-^F#*ifFGE) (*7"-y73820Y) . FORM^ 

x7V7»7lf 2 1 •7x7*7*7'7-!f 2 1 6 

F0RM> ) yr4M?t> : f-5*mm.h (Xf7741 
4 ) . »7x 7*7*5 >7->F 2 1 6t±. jl— yor^-CC-h 
3f-2 1 ASrj^L (Xf774 1 

6) . HTML^SrtcO^^^M^UO^tS. 
[0038] *7x.-f-f : y*) J f?. 1 6IJFORM? 
/mh7*-7-/ F7 ^-/l/FfcWLT^SA*?"*' 
fcfcffi-TS (XT77-384) . t»LFORM^^*«T 
•7h7*-V yh7-f-;PHi5r*LTV^»t*Ur (Xf 
•y7"3 84<9N) . 7 4— ffllBfcrJPIS 
<tl) (XT77-386) . kLFORM:5'7'#*T'7F7 
*-"7-y f7-f-/l/KSr^fLTV>it{f (Xr-y 7*3 84 
COY) . T^F7*-^»/F74-7UF«JSIfr3fU 7 

*-A*«^$ix N mmzwmztiz c*.x-y7*3 8 

8) . -By it- Jxtf>mZtlXl&ok. ^^77^ 
>7f*2 16(i, <8ttSilT^Sr'7h7*-V y F7-T 

9*y-t-^£i*£{tt£. 

[0 0 39] t>LS^SitJtM0^ y*-v7 

f**t < s> 9Am%Bof 9 yrtm^xm^it 

•t&ZtZfgfeLX^tM (fiP^> s outforMt ="ensig 
n") % •7x7*7*7'7lf 2 1 6'i7*-Ax-*£j--1f 
£0T5-f<.-h^f-2 1 8£JHwCt* >*?/MM > 
U *v*-Vft<tf^<mWiZ94J*X9y7Zm\ 
■th (Xy--/73 9 2). Vx777W : 2 1 6 
»i-fc -/ >- 3 y^f- 2 5 4 £ 7 y^MZ^th (XT-y 
7*3 94) . 7-fe-y'5'IW7^At«L- 
Jt-fe-yv 3 ydf-2 54i£:ffl^'CB&^fl:-rS (XfyT 
3 9 6). ^BOHifeprCJi. y*<r&. 
X<r)m*7tt.Zft*z774 T> M vt-i?G&?)t:ibiz 

i'ayWzmiwv&rtt.ZtiizfyJTyhx-y-t-i' 

©gg^K^ Xf y7-3 9 6aM772il5. 
[0040] -b-y y 3 y^-2 5 4lit-^W- 
14 2 £J8WCBg^HI:$;fu VSmtZfltl* -y-fe-^'t: 
&f*S*U (Xf77398) . S8t:SLTilBHLfc 

&HTML7*- Afcftfc. *JtlieiSSitS#HTM 
L7*-AtfttC7xy7*7'7ifteSI§ilT. BfHHb 
ZmCth. iK^T. ( "A" ) £*T£77 
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?258&Vm8Ztl&-bv>'ay*-25 4<?)*-<r> 
£3 2 6 0 £#tr^y ^-V3- F 2 5 2#4M3ft 
4 . X y -fe- v*#7 * -V -y F $ *u *»Ww< 10 2 
^©HSftS Uf774 00) . t,LS*S*ut«0 
* -yb-^^^—V-y h**Bf^tJig£LT<-^f (HI 
outforaat = "encrypt" ) .. >7x 7*7*7 *7if 2 1 6 
fctki£L*:Xx-y 7*fc B-«0Xf y 7<n%ft*mxt 
h. '7x7*7*7'7if2 16{i-fe-/^3>^-254$-7 
>:J*"M:£jfrri> (Xf77394). <X^T'7*-A 
10 T-7£Z:<r)7yy&iZ&]&l,tH:-yi'3y*r-254 
fc/f^vCBfHHttS (^r-y 7*3 96) . -t yisay* 
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SECURITY SYSTEM AND r^THOD FOR 
FINANCIAL INSTITUTION SERVER AND CLIENT WEB BROWSER 

This invention relates to electronic communication systems and In particular to a 
method and apparatus for securely transmitting transactions from an application 
program. 

Background of the Invention 

Today, there is a great demand to support ordine financial transactions In a 
client/server computing environment The key to the success of such systems are 
security featuma to ensure that an authorized party securely transmits a 
communication to an authorized recipient At a minimum, five security features are 
needed privacy, data integrity, access-Control, user nonrepudlatlon, and a server 
side audit trail 

Current security technology for clients calling financial servers include (A) systems 
using passwords and the like to indicate a client's identity, (B) systems using session 
keys to encrypt the communications between a client and server so that outsiders 
cannot eavesdrop, and (C) systems using a digital signature and certification 
process. 

Session key encryption provides privacy protection, and password mechanisms 
provide base access control capabilities. The prior art does not provide absolute 
assurance that the party claiming to be a client Is in fact the identified client (or even 
that the party is using the client's workstation), and also does not protect the financial 
institution from claims by clients that they did not send a particular message or 
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request The audit trail of the prior art systems will only show that the party that sent 
the message or request used the client's password to log in, which is often not 
conclusive proof. Thus, the financial institution is at risk of repudiation of transactions 

by clients. 

Furthermore, the systems (e.g , Quicken, Netscape and Schwab's Smart Money using 
RSA encryption software) for encrypting the communications do so at the TCP/IP 
protocol layer of each system's software. Tills type of security technology limits the 
type of security features For instance, a security feature at the 

TCP/IP protocol level, such as SSL typically provides only privacy by encrypting all 
data transmitted, but it cannot authenticate the client 

Systems utilizing client digital signatures are typically used with digital certificates. 
Digital certificates require a public key to be signed by a trusted third party. They are 
typically used to authenticate that a particular public key is really that of a particular 
. user. However, financial Institutions are reluctant to utilize digital certificates since 
they are wary of the potential liability associated with their fraudulent misuse. 

Summary of the Invention ' 

The present invention pertains to a system and method for providing a secure 
communication mechanism between a financial server and a user associated with a 
web browser. The communication mechanism is used to ensure that financial 
transactions are securely transmitted between the user and server across a public 
network. The system Includes a group or users associated with dierrt computers that 
are interconnected, by a computer network such as the Internet to at least one 
financial saver associated with a server computer. 

The financial server has a web server that manages the interactions between the 
users, through their web browsers, and the financial server. The webserver ha& a 
repository of web pages associated with various financial services provided by the 
financial server. The web pages contain HTML documents and forms representing 
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financial transactions that are exchanged between the user and the server A user 
utilizes a web browser to access the HTML documents and to return data from HTML 
forms to the server. The server then processes the transactions and updates an audit 
trail that trades each transaction. 

Due to the hitfily confidential nature of the transactions, the system and method of 
the present Invention incorporates several security features into the web browser and 
web server The following five security features are provided: privacy, in the form of 
cession key encryption; data integrity, through the use of data encryption; access 
control , via a password mechanism; user nonrepudation, by means of digital 
signatures and timestamps; and a server side audit trail. 

The web browser Is provided with the capability to receive encrypted forms and to 
transmit messages containing timestamped, digitally signed, and encrypted form 
data The web browser has the ability to provide each user with a pair of encryption 
keys, preferably a private and public key pair. The web browser's Initialization 
procedure generates these keys during Installation. The keys are stored in an 
encrypted format and are arty accessible from within the browser. The private key is 
used to digitally "sign 0 a transaction message when so requested. 

The web browser is also provided with the capability to generate random session 
-keys, to decrypt HTML forms, and to encrypt and digitally sign aid timestamp HTML 
form data. In addition, the web browser can interpret HTML extensions to the FORM 
tag that specify that an HTML form is encrypted as well as request the return 
transmission of HTML form data in one of three formats: <1) encrypted; (2) digitally 
signed wrth a timestamp; or (3) encrypted and digitaBy signed with a timestamp. 

To return the encrypted form data, the web browser generates a random session key 
that is used to encrypt the message containing the form data. The session key is 
affixed to the return message and encrypted with the server's public key. A header 
record is included at the top of the message and includes a flag intficating that the 
form data Is encrypted. 
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If a form requires the user's digital signature, the*** browser uses the user's private 
key to "sign' the rt^med fwm data and to affa a digital timestarnp. The web server 
authenticates the user's digital signature with the user's public key. For farms 
requiring a digital signature and erKryp«on.me web browser signs the 
the user's private key and includes a digital tfmestamp as well. The wab browser 
generates a random session key that is used to encrypt m* form data. The random 
session key is affixed to the return message and encrypted with the server's public 
key. 

The web server reads the header record associated with a received message in order 
to determine the format of the message. A flag associated with the header record 
indicates the particular format The web server processes the message accordingly 
and updates an audit trail with the form date, the user's digital signature, and 
timestarnp, if applicable. 

. In order to verify a user's digital signature, a user registration process is performed 
initially by the web server at th» time a user's account is establ ished. The registration 
process Is facilitated by a user registration HTML form that elicits financial data 
pertaining to a potential user. A user appends its public key to the registration form 
data which is returned to the web server. The web server stores tha user's public key 
in a database and it is used thereafter to verify the user's digital signature which may 
be embedded In subsequent trarsactions. 

Brief Description of the Drawings 

Additional objects and features of the invention wflt be more readily apparent from the 
following Detailed Description and appended claims when taken in conjunction with 
the drawings in which: 

Fig. 1 shows a financial transaction processing system according to an embodiment 
of the present invention. 
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Fig. 2 shows a server computer system according to an embodiment of the present 
invention. 

Fig. 3 shows a diefrt computer system according to an embodiment of the present 
invention. 

. Fig. 4 shows a format of an autfit trail residing in the server computer. 

Ftg. 5 shows a return message layout in accordance with the present invention. 

Fig. 6 shows the record layout Of the header record of the return message of Fig. 5. 

Fig. 7 Is a schematic representation of an exemplary HTML FORM tag used in 
connection with a user registration form 

Fig. 8 is a schematic representation of an exemplary HTML FORM tag including 
additional fields that indicate the forma! of incoming forma and return messages. 

Pig. 9 is a flow chart of the steps used in the financial transaction processing system 
of the present invention. 

Rg 10 is a flow chart of the steps used by the web browser to establish encryption 
keys for a user. 

Fig. 11 is a schematic representation of an exemplary web page used by the web 
browser to initiate the generation of a user's encryption keys. 

F«s. 12A - 1 2B are flow charts of the steps used by the financial server in 
communteating with users Associated with client computers. 

Fig. 13 is a how chart of the steps used by the web broy^r in processing a user 
registration HTML form. 
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Fig. 14 is a schematic representation of an awnpboy user registration HTML form. 

Figs. 1 5A - 1 SB are flow charts of the steps used by ihe web browser In processing 
HIM. documents. 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 
QffiQtfSg 

Referring to Ffo 1 . the present invention pertains to a distributed financial transaction 
processing system 1 00 and method including at least one financial server associated 
with a server computer 102 in comrnunicaiion with a number of users associated with 
client computers 105. 

The financial server 1 02 provides various financial services which are offered by a 
financial institution such as a bank. Insurance company, brokerage firm, credit union, 
and the like. The financial services can include an online trading service, means for 
obtaining Investment product information or financial news, means for monitoring a 
user's portfolio holding, and the Bke. 

Users connected to the financial server 1 02 can request any one of the financial 
services. One or more wet psges are associated with a service and are downloaded 
to the cfient computer 106 at the user's request The y«b pages can indude HTML 
documents 124 containing HTML forms used to elicit in fo rm atio n from the user 106 
that is transmitted to the server 1 02 or to provide information to the user 1 06 from the 
server 102. in addition, the financial server 102 contains an audit trail 122 thai 
tracks each transaction. 

In certain cases, the HTML-forms 124a can be transmitted to the web browser 216 in 
an encrypted format or without any special formatting. The web browser returns 
massages 143 containing form data to the financial server 102 in an encrypted 
format, a format containing the user's digital signature and ttmestamp. an encrypted 
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format containing the user's drgrtal signature and timestamp, or without any special 
foimattins. The web browser 216 has the capability to recognize special extensions 
to the HTML FORM tag that indicate the format of the incoming document and specify 
the forma* of the data to bo returned. An alternate embodiment might specify 
extensions to otter KTML tags. 

In addition, the web browser 216 is equipped with encryption procedures 220, 
timestamp procedures 228, digital signature procedures 230, and random key 
generation procedures 232. The random key generation procedures 232 are used to 
generate session keys that are used in conjunction with fire encryption procedures 
220 to encrypt a return message. The digital signature 230 and timestamp 228 
procedures enable the web browser to digitally sign and timestamp a return message 
143. In addition, the Initialization procedures 226 enable the web browser 216 to 
generate encryption keys 218 that are used to represent and verify a user's digital 
signature. 

System Architecture 

Referring to Fig. 2, there is shown a distributed computer system 100 according to an 
embodiment of the present invention. The system 100 includes one or more server 
computers 102 and one or more client computers 106 that are in communication with 
each other through a communicatim link 104. Preferably, the communication link 
104 is a public network such as the Internet. 

A server computer 102 Includes a central processing unit (CPU) 108, a user interface . 
110, a communications interface 1 12, and a primary memory 1 14. The 
communications interface 1 12 is used to communicate with other user workstations as 
well as other system resources not relevant here. 

The primary memory 114 oT the server computer 102 may be implemented as RAM 
(random access memory) or a combination of RAM and non-volatile memory such as 
magnetic disk storage. The primary memory 114 of the server computer 102 can 
contain the following: 
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• an operating system 1 16; 
Internet access proceAires 118; 

• Web server procedures 120; 

• an audit trail 122 tracking each financial transaction processed by the financial 

server 102: 

• an HTML document repository 124; 

• an encryption procedure 128 for encrypting and decrypting data; 

• a cSgita! signature procedure 12a for sgning and verifying a digital signature; 

• a user database 132 storing information associated with each user; 

• one or more encryption keys 142 tor useby the server; 

• messages 143; 

a as well as other data structures and procedures. 

The user database 132 can store the following: 

• an account identifier 134; 

• a password 136; 

• one or more of the users encryption toys 1 40 that are used to authenticate a 
user's cfigttal signature; and 

• as well as other data structures and procedures. 

Referring to Fig. 3, a dient computer 106 includes a central processing unit (CPU) 
202, a user interface 204. a camirwmcstiora interface 205, and a primary memory 
20a The communications interface 206 Is used to communicate with other user 
workstations as wefl as other system resources not relevant here. 

The primary memory 208 of the client computer 106 may ba implemented as RAM 
{random access memory) or a combination of RAM and non-volatile memory such as 
magnetic disk storage. The primary memory 208 of the server computer 102 can 
contain the following: 

• en operating system 210; 

• network access procedures 212; 

• an HTML dncumentrepcatory 214; 
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• a web browser 2 16; 

• messages 143; 

• as well as other data structures and procedures. 
The web browser 216 can contain the following: 

• one or more user encryption keys 218 associated wfth the user's cflgrtal 
signature; 

• an encryption procedure 220 for encrypting and decrypting data; 

• a random key generation procedure 222 for randomly generating session keys; 

• a formatting procedure 224 for configuring a return message in a requested 
manner; 

• an initialization procedure 226 that establishes the user's encryption keys 21 8; 

• ttmestamp procedures 228 that generate a timestamp representing a time and 
date; 

• digital signature procedures 230 that are used to sign a form and verify a 
user's digital signature; 

• the user's password 232; 

• a browser welcome web page 234; 

• a browser's encryption key 240 that Is used to encrypt the user's encryption 
keys218; 

• one or more session keys 241 for use In encrypting return messages to the 
server; 

• as well as other data structures and procedures. 

Ffle Formats 

The present invention utilizes an audit trail and a form file having prescribed formats. 
Fig. 4 represents a formal of the server's auo5t trail 122. The audit trail 122 is used to 
track each transaction that is processed by the financial server 102. The audit trail 
122 serves a variety of purposes. One such purpose Is to verify client messages and 
requests. Each communication initiated by a client and received by the financial 
saver 102 is recorded In the audit trail 122 
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Each entry 242 in the audit trail 122 can contain an account Wentfer 243 associated 
with a particular user, the digital stature 244 associated with a particular user, a 
timestamp 245 representing the dale and time at which the user digitally slated the 
transaction, and the text 246 associated with the transaction. In some cases, a 
transaction form will contain the user's digital signature and timestamp. In these 
cases, the user's digital signature and timasflamp can be used to refute potential 
repudiation claims by the user. The existence of the user's digital signafexe and 
timestamp signifies that a particular user executed the transaction and at a certain 
(fate and time. The ability to refute repudiation claims is sometimes celled 
'nonrepudiatton.* 

The benefit of this Invention is that it helps reduce fraud and errors in three ways. 
First, it prevents unauthorized users from forging transactions. Second, ft makes it 
difficult for a user to repudiate a transaction that has actually been made. Lastly, 
audit trail entries are potentially useful as Jutfldal evidence. Furthermore, the security 
. features of the invention benefit companies such as Charles Schwab that offer 
securities and financial transaction services over the Internet 

h should be noted that, In the description above, frie timestamp stored In the audit 
trail was actually generated by the client it is possfote for this timestamp to be in 
error, either because of a configuration problem (e.g., the user's PC had fts dock set 
wrong} or because ctf fraudulent intent on the part of the user. The timestamp stored 
in the audit trail is thus merely the dtenfs assertion as to the time at which the 
transaction was made. The server has several options available that can increase 
the trustworthiness of the audit trafl entries. The server can store a timestamp of its 
own along with the client-supplied timestamp In the audit trail. Or, the server can 
reject transactions whose timestamp* differ from the current actual time by a 
significant amount. Another possibBly is for the server to generate a timestamp and 
send it to the client m another extension to the HTML FORM tag. The dient would 
indude the server-generated timestamp as part of the return message. Stilt another 
possibiiay would be for the server to generate a timestamp and to digitally sign it 
before sending it to the dient All of these possfele embodiments increase the 
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trustworthiness of the timestamps in the audit trail, thus serving to increase the 
usefulness of the audit brail in reducing fraud and errors. 

This invention employs digital signatures and encryption without using authentication 
certificates. Using digitaJ signatures and encryption wHhout. authentication certificates 
offers several advantages over the prior art use of aut hen ti ca tion certificates. Setting 
up the authenfeation certificate infrastructure is very time-consuming and costly. The 
process of issuing certificates is very cumbersome. Authentication certificates are 
usefuj in cases where more than two parties are involved in a transaction. The 
techniques employed in this invention are effective for two-party transactions, such as 
between a financial institution and one of its c usto mer s . Furthermore, these 
techniques avoid the expense of setting up the authentication certificate infrastructure 
as well as avoiding the overhead of certificate issuance and maintenance. 

Figs. 5 and 6 illustrate the return message layout that the web browser utilizes in 
returning a message 143 back to the server 1 02 The return message 143 contains a 
header record 252 containing an account Identification (ID) field 257, d flag field 258 
and a key length field 260. The flag field can take on the following values: "E\ 
representing an encrypted format 'S 1 , indicating that the form data 256 contains a 
digital signature and a timestamp; - A\ representing an encrypted format containing a 
digital signature and tfrnestamp; and 'N*. representing no special formatting. The key 
length field 260 indicates the length of a random session key when enclosed. 

The second record of the return message 143 can be the random session key 254. 
This key 254 Is enclosed In the return message whenever the form data 256 is 
encrypted. In cases where the data is not transmitted in an encrypted format, no 
session key is Included in the form file. The third portion of the return message 143 
contains fhe form data 256. The form data 256 is formatted as indicated in the flag 
field 258 of the header record 252. 
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tl should be noted thai the present invention is not limited to the file formats and 
contents as previously described other formats can be used that can include 
different contents. 

HTML F*tensmns 

The present invention employs extensions to the HTML FORM teg. One set of 
extensions pertains to processing the user registration HTML form 2S4. This farm is 
used to transmit the server's public key to the user and for the user to transmit to the 
server the user's public key. A second set of extensions is used to Indicate the format 
of received and transmitted HTML forms and return messages. 

Fig. 7 shows the extensions to the HTML FORM tag associated with a user 
registration form 268. The first is the request field (e.g., request = "register*) which is 
used to indicate the type of form that follows. A value of register indicates that the 
form is a registration form. The second new field is the key field (e.g., key = "server's 
public key") which is used to indicate the server's public key. The server's pubDc key 
is used in the encryption process associated with the returned user registration 
message. 

Fig. 8 illustrates the extensions to the HTML FORM tag that are used to indcate the 
format of incoming (Le.. received by the web browser) forms or outgoing (i.e., 
transmitted by the web browser to the server) messages. The HTML FORM tag can 
Include an outformat and an infomnat field. The outformat field specifies the format 
of the return message and the informal fieW specifies the format of the incomir^ or 
received form. The values for the informal field can include "enoypT incficating that 
the incoming form associated with the FORM tag is encrypted. The values for the 
outformat field can include 'encrypt", 'sign\ or -ensign.* The "enoypT value signifies 
that the form data is to be'retumed in an encrypted format The "sign* value signifies 
that the relumed form data is to include the user's digital signature and timestamp. 
The "ensigrf value signifies that the returned form data is to be encrypted and include 
the user's digital signature and timestamp. 
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ln addition, the key field can be used to transmit a server's encryption key along wHh 
the irtformat and outformat fieki. The server's public key is transmitted to the web 
browser in order for the public key to be used to encrypt the session key. In one 
embodiment, the server's public key can be Included In each HTML form that requires 
encryption In another embocfiment, the server's public key can be included in the 
first HTML form transmitted to the user, tt is reamed by the web browser for the 
duration of the session. This obviates the need to retransmit (he server's public key 
with each subsequent transmission. 

The HTML forms emanating from the financial server can contain any combination of 
the above mentioned new fields in a FORM tag. Furthermore, the present invention 
can also accommodate a version of HTML that does not incorporate any of the new 
fields. 

Although the present invention has been described wrth reference to a particular 
syntax for the new field in the HTML FORM tag, it is not Gmited to this particular 
embodiment Any other syntax can be used provided that it provides a similar 
function. In addition, the present Invention can be achieved using different HTML 
tags or through the use of nevv HTML tags. 

The general architecture associated with the present Invention has now been 
disclosed. Attention presently turns to a more detailed consideration of the 
architecture of the invention, the processing performed by the invention, the 
distinctions between the elements of the architecture, and the advantages associated 
with the disclosed technology. 

Financial Transaction Processing Overview 

Fig. 9 illustrates the steps-used in the financial transaction processing system 100 
and method of the present Invention Initially, a user associated with a client 
computer 106 installs a web browser 216 that generates a pair of encryption keys 218 
{step 226). Preferably, a privatefcublic key pair 216 is created where the private key 
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is used fay the user to digitally sign forms and the pubfic key Is used by the server to 
authenticate the user's digital signature. 

A user establishes an account 134 with the financial server 10Z This account 134 is 
established through a user registration HTML form 264 that is transmitted to the user 
when the user initially accesses the financial server 1 02 (step 274). The user 
registration HTML form 264 elicits general and financial data from the user as well as 
the user's public key 140. 

Once the user has established an account 134 with the financial sever 102, the user 
can logon or access the account 1 34 at various times (step 276). During each logon 
cession, the user and financial server 102 can exchange HTML transaction forms 124 
and forms data 143 (step 278), The format of the forms varies depending on the 
transaction type. In some cases, the serve- 102 can transmit to the user an 
encrypted form. In other cases, the server 1 02 can request that the web browser 216 
return a message In a number of formats. At the completion of a particular session, 
the user exits (step 280) and can reactivate another session with the financial server 
102 at a later time. 

Each of the aforementioned processes will now be described below in more detail. 

The Web Browser initfaHzatlon Procedure 
Initially before the financial transaction system 100 is initiated, a user installs a web 
browser 216 in the client computer 106. As part of the web browser's installation 
process, an initialization procedure 226 executes which generates one or more 
encryption keys 218. Preferably, a private and public key pair are generated. The 
private key Is used to create the users digital signature and the public key i9 used to 
verify the user's digital signature. 

Referring to Figs. 10 and 11, the initialization procedure 226 displays a browser 
welcome page 234 (step 300). The initialization procedure 226 prompts the user tor 
the password 232 associated with the browser 216 and verifies it (step 302). Upon 



(33) 



1-85890 



-15- 

successful verification, the user's private/jpuNic encryption Keys 218 are generated 
(step 304) and, optionally, displayed to the user (step 306). Any of the wall known 
encryption techniques can be used to generate the encryption keys 218. Encryption 
techniques ere described in Schneier, A p plied Cryptography. John Wiley & Sons, 2d 
ed., 1996, which is hereby incorporated by reference as background information. 

The irvtiallzation procedure 226 then encrypts the user's encryption keys 218 using 
the browser's encryption key 240 (step 306) to protect those keys from misuse or 
misappropriation, and stores them in a predefined location within the web browser's 
address space (step 310). 

Financial Server Processing 
Figs. 12A- 12B illustrate the steps used by the financial server 102 in processing 
requests and transactions from the users. A user accesses the financial server 102 
by means of an account identtfier 134 and a password 135 (step 320). The financial 
server 102 verifies the account 134 and its password 1136 (step 322). This verification 
can be performed by matching the account 134 and password 136 against the data in 
the user database 132. If the financial server 102 has determined that the user Is 
new (step 324-Y) it transmits a user registration form 264 to the user (step 326). The 
details of the user registration procedure is described in detail below with reference to 
Fig. 13. 

Ofrerwise, the user has an estabtished account 134 with the financial server 1Q2 
(step 324-N). The financial server 102 awaits for transmissions from the client (step 
328). The transmissions can be requests for web pages, form data, as well as other 
types of communicationsL The financial server 102 identrfras the type of transmission 
received from the client (step 330) end processes it accordingly. 

if the transmission was a request for one or more web pages, tha financial server 1 02 
obtains the requested web page and transmits them to the user (step 334). The web 
Pages can contain HTML forms that are encrypted (&g. t documents with confidential 
informaSon are encrypted). The encrypted forms are identified by special fields In the 
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FORM tag as was described above previously with reference to fig, 7. Messages 
with confidential user Information sent by a client to the server are preferably 
encrypted with a session key. Forms sent by ths server to a client are preferably 
encrypted by flie server with the client's public key, because any form or document 
encrypted with the client's public key can be decrypted and viewed only by a person 
or system having access to the cfient's private key. 

Alternately, forms containing confidential information sent by the server to a client can 
be encrypted with a session key generated by either the server or dient. If the 
session key is generated by the server, the session key Is encrypted wBh the client's 
public key. attached to the encrypted torn being sent to the client, h this 
embodiment, the client first decrypts the session key with its private key aid then 
decrypts the form with the session key. Session key encryption is often preferred for 
encrypting documents (as opposed to short messages) because it is typically 
performed using encryption techniques (such as DES) that are much less 
computationally expensive than public/private key encryption. 

In yet another alternate embodiment, the_server can utilize a different pair of 
puWic/private encryption keys,for each user. In another alternate embodiment, the 
server can utilise a different pair of public/private encryption keys tor each user for 
each logon session. 

W the transmission is a return message, the flag field 258 of the header record 252 
associated with the message is decoded in ortier to identify the format type (step 
332). For an encrypted message (Le. B flag=*E*) l the server's private key 142 Is used 
to decrypt the encrypted session key 254 (step 336). The session key was encrypted 
by the user's web browser 216 with the server's public key. The session key 254 Is 
then used to decrypt the enclosed form data 256 (step 338). The server's audrt trail 
122 is then updated with the user's account and the form data 256 (step 340). The 
form data 256 is then processed accordingly (step 342). 

For an encrypted message thai contains the user's digital signature and timestamp 
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(i.e., ftag^A"), the server's private key 142 is used to decrypt the embedded session 
key 254 (step 344}. The session key 254 is then used to decrypt the enclosed form 
data 256 (step 346). Next the user's digital signature 218 is located within the 
message and verified with the user's public key 140. The time&amp associated with 
the user's digital signature is also extracted from a predefined location within the 
message (step 346). The user's public key 140 is obtained from the server's user 
database 132. The financial server 102 searches the user database 132 using the 
account ID field 257 of the header record associated with the message. The audit 
traD 122 Is then updated with the user's account, flgitai signature, trmestamp, and the 
form data (step 350). The form data fs then processed according ly (step 352). The 
procedure then awaits for a new client communication. 

An incoming message 143 thai contains the digital signature of the user (Le.. 
flag=*S") is processed using some of the same steps as a message that is encrypted 
with the user's digital signature and timestamp. The financial server 1 02 locates the 
digital signature of the user within the message which is verified with the user's public 
key 140 (step 346). The audit trail 1 22 is then updated with the user's account, digital 
signature, timestamp, and the form data (step 350). The form data is then processed 
accordingly (step 352). The procedure then awaits for a new client communication. 

For messages that are not received in a sped a! format (Le., messages that are 
received in a non-encrypted, plain format), the audit trail 122 is updated with the 
user's account and the form data 256 (step 350). The form data is thai processed 
accordingly (step 352). The procedure then awaits for a new dient communication. 

Server's User Registration Procedure 
Fig. 13 ifiustrates the steps used by the web browser 216 in processing a user 
registration form 264 shown in Fig. 14. The web browser 216 receives an HTML 
document containing a user registration form 264 from the financial server 102 (step 
360). 

The user registration form 264 includes data entry fields that the user fills in (step 
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3S2). The web browser inserts into the registration form user information (provided 
by the user of the client computer andfor available to it from other resources in the 
client computer), typically including data that uniquely identifier the user such as the 
user's name, soda! security number or equivalent identifier, and the financial 
institution account number for m account previously established by the user with the 
financial institution associated with the server. 

The web browser 216, having identified the form as the user registration form from 
the request field of the FORM tag (i,e (| request^register*), obtains the user's public 
encryption key 218 and places it into a predefined location within the return message 
(step 364). The user's public key 218 is stored in an encrypted format in a specified 
location within the web browser's address space. The user's encryption keys 21 8 
were encrypted with the browser's encryption key 240. Thus, the web browser 
decrypts the key from the known location with its own encryption key 240. 

The web browser 21 6 then uses the digftal signature procedures 230 to digitally sign 
the form data \Mth the user's private key 21 8 (step 386). Next, the web browser 21 6 
uses the random session key generation_procedures 222 to generate a random 
session key 254 (step 358). The random session key 254 is used to encrypt the form 
data (step 370). The session kay 254 is affixed to the top of the massage and 
encrypted with the server's public key 142. The server's public key 142 is transmitted 
through the key field in the FORM tag (i.e.. key - "server's public keyT) (step 372). 
The return message is then formatted using the formatting procedures 224 and 
transmitted to the server (step 374). 

A random session key is a random-bit string generated by means of a random 
process. Typically, the key bits are generated from a reliably random source or a 
cryptographicalfy secure pseudo-random bit generator. Any of the well known 
random sequence generators can be used A description of these techniques can be 
found In the Schneier reference previously mentioned with respect to Figs. 10 and 
11. 
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The server decrypts and verifies the information in the received registration message. 
tf 1he information satisfies predefined acceptance criteria, such as matching user 
information associated with a previously established account at the financial 
institution, then a user information record is added to the user database 132. As 
shown in Rg. 2, the user information record identifies the user and the user's public 
key. Alternately (e,g., if the server's database 132 already contains user records for 
every user having an account at the associated financial institution), a previously 
existing user information record is updated to Include the user's public key, 

Web BrWttf 

Once the user is registered with the financial server 102, the user, through the web 
browser 216, exchanges HTML transaction forms and return messages with the 
financial server 102. At least some of the HTML documents sent by the server to a 
client will contain an HTML FORM tag. In ac c orda nce with a preferred embodiment, 
the FORM tag includes special fields that indicate how the associated HTML 
document is formatted (e.g M whether or not it is encrypted). If the HTML document 
sent by the server to a dient is encrypted, a 6pecral "key" field in the FORM tag can 
be used to specify the server's public key. If the form is of the type that requests user 
information be returned to the server, theFORM tag also includes special fields that 
instruct the client's Web browser as to how the return message should be formatted 
before It is returned to the saver. The client's web browser 216 reads these FORM 
tag fields and performs the appropriate procedures to enable the user to read the 
HTML document and to property format the message for transmission back to the 
server. 

Figs. 15A-15B Illustrate the steps used by the web browser 216 in processing HTML 
documents that are received from the financial server 102. Upon receipt of an HTML 
document (step 380), the web browser 21 6 Inspects the fields of the FORM tag. rfthe 
FORM tag indicates that the form associated with the tag is encrypted (i.e., the * 
existence of an informat field) (step 382-Y), the web browser 21 6 recognizee that the 
data contained between the FORM tag pairs is encrypted. The web browser 216 
reads the data from the file until it reaches the corresponding FORM tag pair (i.e., 
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</F0RM>) (step 414). The web browser 21 6 decrypts the form with the user's private 
key 218 (step 416) aid continues to read the tags in the HTML document 

Next, the web browser 21 6 detects if the FORM tag has an outturn^ field (step 384). 
If the FORM tag does not include an outformat field (step 384-N), the form is 
displayed and processed accordingly (step 386). Otherwise (step 3B4-Y), the 
outformat field is stored and the form is displayed and processed accorcfingly (step 
388). 

Once the form has been processed, the web browser 216 p r e par e s the return 
message in accordance with the requested directives specified in the stored 
outformat field (step 390). 

If the requested return message format specified encryption with a digital signature 
and timestamp {i.e., outformat = "ensign"), the web browser 21 6 digitally signs the 
form data with the user's private key 218 and appends a timestamp at a predefined 
location within the message (step 392). Next, the web browser 216 randomly 
generates a session key 254 (step 394). .The message is then encrypted with the 
randomly generated session key 254 (step 396). tn some embodiments, a single * 
session key is used for all encrypted client massage transmissions during a single 
session, in which case step 396 is skipped after the transmission of the first 
encrypted client message during a session. 

The session key 254 is encrypted with the server's public key 142 and affixed to the 
encrypted message (step 338). As noted above with respect to Fig. 8, the server's 
encryption key is transmitted to the web browser either initiaBy with fte first 
transmitted HTML form or with each transmitted HTML form requiring encryption. 

A header record 252 Is then generated containing a flag 258 having the appropriate 
value {°A") and the key length 260 of the enclosed session key 254. The message is 
formatted and then transmitted to the financial server 1 02 (step 400). 
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tf fte requested return message formal specified encryption (i.e., outformat = 
•encrypt"), the web browser 216 performs some of the same steps described above. 
The web browser 216 randomly generates a session key 254 (step 394). TTieform 
data is then encrypted with the randomly generated session key 254 (step 396). The 
session key 254 is affixed to the encrypted form data and enciypted with the swrn's 
pubSc key 142 (step 398). A header record 252 is then generated containing a flag 
258 having the appropriate value fE - ) and the key length 260 of the enclosed ■ 
session key. .The message is formatted and then transmitted to the financial server 
102 (step 400). 

tf the requested return message format specified the user's cSgiteJ sfgrwrture (i.e., 
outformat* "sign'), the web browser 216 signs me form data with the user's private 
key 218 (step 410). In addition, a timestamp is generated and appended to the form 
data (step 410). A header record 252 is then generated containing the appropriate 
flag value ("S"). Since no session key Is enclosed in the message, the key length 
Held Is Wank. The message is formatted and then transmitted to the financial server 
102 (step 412). 

In conclusion, the aforementioned description describes a method and system for 
securely transmitting transactions embodied as HTML forms between a financial 
server and a web browser. The technology of the present invention incorporates five 
- security features to ensure that only the intended parties of the transaction securely 
receive and transmit a transaction. The five security features include: privacy, in the 
form of session key encryption; data integrity, through the use of data encryption; 
access control, via a password mechanisms user nonrepudiation, by means of digital 
signatures and timestamps; and a server side audit trail. These security features are 
embedded in the financial server end web browser In an automatic and transparent 
manner. 
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Alternate Embodiments 
While the present invention has been described with reference to a few specific 
embodiments, the description is illustrative of the invention and is not to be construed 
as to limiting the invention. Various modifications may occur to those skilled in the art 
without departing from the true spirit and scope of the invention as defined by the 
appended claims. 

Further, the method and system described hereinabove is amenable for execution on 
various types of executable mediums other than a memory device such as a random 
access memory. Other types of executable mediums can be used, such as but not 
limited to. a computer readable storage medium which can be my memory device, 
compact disc, or floppy disk. 

Although the present invention has been described with reference to encryption and 
digital signature techniques that ufflteB encryption key pairs, it is not limited to this 
particular technique. Any technology or technique that provides similar functionality 
can be utilized. 

Furthermore, one skilled in the art can easily modify the present invention to 
i incorporate a digital signature mechanism in the HTML forms that are transmitted to a 
web browser. Moreover, additional security features can be easily added to either the 
client or server side of the transaction processing. 
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WHAT IS CLAIMED: 

1 . A computer-implemented method for transmitting financial transactions 
between at least one client computer and at least one server computer 
interconnected by a communications link, the method comprising the steps of. 

(a) receiving one or more HTML documents from fte server computer, a 
subset of the doctrnents including format directives, each of a first subset of the 
format directives indicating an outgoing transmission format used in transmitting a 
return message to the server computer, each of a second subset of the format 
directives Indicating an Incoming transmission format used to receive an HTML 
document each of the first and second subsets cf format directives associated with at 
least one cryptographic technique; 

(b) Inserting form data from a received HTML document into said return 
message; 

(c) applying one or more cryptographic techniques to the form data, each 
applied cryptographic technique Identified In a respective format directive associated 
with the received HTML document; and 

(d) transmitting the return message to the server computer. 

Z The method of claim 1, 

the format directives selected from the set consisting of encryption, digital 
signature and tirnestamp, and encryption with oJgita! signature and tlmestamp* 

3. The method of claim 1 , 

step (c) further including the steps of: 

(1 ) generating a first encryption key; 

(2) encrypting the form data, including any inserted user related 
information, with the first encryption key; 

(3) affixing the first encryption key to the return message; and 

(4) encrypting the first encryption key \rith a second encryption key. 

4. The method of claim 3, 
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step (c)(1) further induding the step of utilizing a random key sequence 
generator to gmerate the first encryption key. 

5. The method of claim 3, 

step (c)(4) further including the step of obtaining the second encryption key 
from the server computer. 

a The matted of daim 3L 

step (c)(1) further including the step of. 

prior to the generating step, storing a digital signature associated with a 
specified user in the return messaga 

7. The method of claim 6, 

step (c) further including the steps of: 

generating a digital signature and a digital signature verifier; and 
providing the server computer with the digital signature verifier. 

8. The method of daim 1, 

step (c) further induding the step of storing a timestamp in the return message. 

9. A web browser for accessing data within a computer system include at least 
ore client computer connected through a communications link with at least one server 
computer, the browser comprising: 

a memory for storing a plurality of HTML documents, a subset of the HTML 
documents induding cryptographic protocol directives for use in returning form 
data inducted in said HTML documents; 

browsing mechanism for retrieving various ones of the HTML documents from 
the server and for inserting user related information in said form data which is 
included in a return message; and 

a cryptographic processing mechanism for processing the return message and 
HTML documents in accordance with a specified cryptographic protocol; 

wherein the web browser utHfcaes the browsing mechanism to receive and 
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transmit the return message to and from the server computer and utilizes the 
cryptographic processing mechanism to exercise me or more cryptographic protocols 
on the HTML documents and return message m order to enable receipt of the HTML 
documents by an intended user associated with the client computer and to provide 
secure transmission of the return message transmitted to the server computer. 

10. The web browser of daim 9, 

the cryptographic processing mechanism Including an encryption processing 
mechanism far encrypting the return message and decrypting HTML documents. 

11. The web browser of dalm 9, 

the crypto&aphic processing mechanism including a digital signature 
processing mechanism for signing the return message and authenticating HTML 
documents. 

12. The web browser of claim 11 t 

the digital signature processing mechanism Including a tirnestamp processing 
mechanism. 

i 

13. The web browser of claim 9, 

the cryptographic processing mechanism including an encryption key 
generation mechanism for creating one or more encryption keys. 

14. The web browser of claim 13, 

the encryption key generation mechanism including a random key generation 
mechanism for creating one or more random session keys. 

15. A computer readable storage medium containing a computer code mechanism 
for use with a financial server, the computer code mechanism comprising: 

a browsing mechanism for retrieving HTML documents from the financial ■ 
server, said HTML documents Including form data, said browsing mechanism 
inserting user related information In said form data which is appended to a return 
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message that is transmitted to the financial server, a subset of the HTML documents 
retrieved from the financial server including cryptographic protoco l directives for use 
in exchanging return messages to the financial server; and 

a cryptographic processing mechanism tor processing the HTML documents In 
accordance with a specified cryptographic protocol; 

wherein the computer code mechanism utilizes the browsing mechanism to 
receive HTML documents from the financial server and to transmit return messages 
to the financial server and utilizes the cryptographic processing mechanism for 
exercising one or more cryptographic protocols on the HTML documents in order to 
enable receipt of the received HTML documents by an intended user and to ensure 
secure transmission of the return message transmitted to the financial server. 

16. The medium of claim 1 5 f 

the cryptographic processing mechanism including an encryption processing 
mechanism for decrypting HTML documents and encrypting the return message. 

1 7. The medium of claim 15, 

the cryptographic processing meehaiism including a digital signature 
processing mechanism for signing the return message and authenticating the HTML 
documents. 

1 8. The medium of claim 1 7, 

the digital signature processing mechanism inducting a timestamp processing 
mechanism, 

1 9. The medium of dairn 1 5, 

the cryptographic processing mechanism including an encryption key 
generation mechanism for creating one or more encryption keys. 

20. The medium of claim 19, 

the encryption key generation mechanism induing a random key generation 
mechanism for creating one or more random session keys. 
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21. A computer network for financial transaction processing, Bie network 
comprising: 

a plurality of dient computers, each client computer associated with one or 
more users; 

at least one financial server comprising: 

a memory for storing a plurality of HTML documents representing 
financial transactions, each HTML document including form data, a subset of the 
HTML documents including cry pt o g r ap hic protocol directives for use in exchanging 
financial transactions between the client computers and the server computer; 

one or more cryp t ographic processing mechanisms for use in encoding 
said form data and decoding each received HTML document; and 

a server mechanism for managing communications tram the dient 
computers, a subset of the communications Including a return message including the 
form data, the server mechanism including instructions to interpret the cryptographic 
protocol directives associated with each received return message end to process 
each received return message in accordance with one or more corresponding 
cryptographic protocol mechanisms. 

22. The network of claim?! 

the cryptographic processing mechanism including: 

an encryption processing mechanism for encrypting the form data and 
• decrypting the HTML documents; 

a user inf o rmati on database thai includes user public key information 
associated with each user registered to exchange confidential information with the 
financial server; 

a digital signature verification mechanism for verifying a digital signature 
in each digitally signed* communication received from a client computer in accordance 
with the corresponding digital signature, if any, stored in the user information 
database; and 

an audit trail for storing records of digitally signed communications 
received from client computes sufficient to prove that such each received 
communication was digitally signed by a respective user registered to exchange 
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confidential formation with the financial server. 

23. The network of claim 22, 

the cryptographic protocol directives selected from the set consisting of 
encryption, digital signature and timestamp, and encryption with digital signature and 
timestamp. 

24. The network of claim 22, 

each client computer including a web browser for accessing HTML documents 
from the financial server. 

25. The network of dalm 24, 

the web browser including a cryptographic processing mechanism for 
encrypting form data and decrypting the accessed HTML documents. 

26. The network of claim 24, 

the web browser including a digital signature processing mechanism for 
signing the return messageand' authenticating HTML documents. 

27. The network of claim 26. 

the digital signature processing mechanism further including a timestamp 
processing mechanism. 

28. The network of claim 24, 

the web browser including an encryption key generation mechanism for 
creating one or more encryption keys 
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ABSTRACT OF THE DISCLOSURE 



The financial transaction processing system includes at least one financial server 
connected through a public network to a number of users associated with client 
computers. Each user accesses the financial server through a web browser. The 
web browser is provided with the capabilities to generate encryption keys, to encrypt 
and decrypt HTML forms, ami to digitally sign and timestamp HTML forms. The 
financial server transfers web pages inducing HTML forms representing financial 
transactions. The HTML forms contain extensions that specify the format of an 
incoming format and the format of a returned form. An HTML form can be transmitted 
in an encrypted format, in a format including a user's digital signature and timestamp, 
and in an encrypted format that contains the user's digital signature and timestamp. 
The financial server tracks each processed transaction through an audit trail including 
the user's account, the user's digital signature, the timestamp of the transaction, and 
the text of the transaction. 



This Page is Inserted by IFW Indexing and Scanning 
Operations and is not part of the Official Record 

BEST AVAILABLE IMAGES 

Defective images within this document are accurate representations of the original 
documents submitted by the applicant. 

Defects in the images include but are not limited to the items checked: 

□ BLACK BORDERS 

□ IMAGE CUT OFF AT TOP, BOTTOM OR SIDES 

□ FADED TEXT OR DRAWING 

□ BLURRED OR ILLEGIBLE TEXT OR DRAWING 

□ SKEWED/SLANTED IMAGES 

□ COLOR OR BLACK AND WHITE PHOTOGRAPHS 

□ GRAY SCALE DOCUMENTS 

□ LINES OR MARKS ON ORIGINAL DOCUMENT 
□fREFERENCE(S) OR EXHIBIT(S) SUBMITTED ARE POOR QUALITY 

□ OTHER: 

IMAGES ARE BEST AVAILABLE COPY. 
As rescanning these documents will not correct the image 
problems checked, please do not report these problems to 
the IFW Image Problem Mailbox. 



